Hi All,
We have been utilizing Fortinet products in our environment for a few years now, so to better help my journey as an effective administrator, I tried setting up a home lab using VMware.
Very simple setup:
one virtual machine (10.100.73.201)---> (10.100.73.1) Fortigate VM (192.168.0.65) ---> (192.168.0.1) Internet (ISP modem)
one policy for testing purposes: any/any/all.
Oddly, when I first deploy the VM, everything works (tested this 3 times). I can ping, browse, run Windows updates (everything). The following day, I can no longer browse even though there were no config changes. From my virtual machine, I can ping the FortiGate; from the FortiGate I can ping the internet (8.8.8.8), and the FortiGuard servers are connected. DHCP on the FortiGate interface issues an address to the virtual machine and acts as the DNS server, and DNS queries from the VM work against the FG interface. Below I've done a simple debug to 8.8.8.8 to catch pings, with show function enabled:
id=65308 trace_id=11 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=1, 10.100.73.201:1->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1, seq=79."
id=65308 trace_id=11 func=init_ip_session_common line=6049 msg="allocate a new session-0000189f, tun_id=0.0.0.0"
id=65308 trace_id=11 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-192.168.0.1 via port3"
Based on the above, it looks like everything is OK. No fancy config at this point. I've deployed this 3 times and everything works flawlessly after the deployment. When I return to use the setup the following day, it's broken and I'm out of ideas.
Any help is appreciated.
Hello,
I would recommend checking whether the license is valid and running a traffic sniffer (i.e. diagnose sniffer packet any 'icmp and host 8.8.8.8' 4 0 a) to check whether traffic is sent, NATed and return traffic is received.
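The three checks in the reply above (sent, NATed, return traffic received) can be read off a saved sniffer capture mechanically. This is an added example, not part of the original reply or Fortinet's tooling; the line shape it parses is an assumption about verbosity-4 output, the sample captures are constructed from the thread's addresses and ports, and `check_path` and `first_missing` are hypothetical helper names.

```python
import re

# Assumed line shape at verbosity 4 (constructed, not captured from a device):
# "<timestamp> <iface> <in|out> <src> -> <dst>: icmp: echo request|reply"
LINE = re.compile(r"(?P<iface>\S+) (?P<dir>in|out) (?P<src>[\d.]+) -> "
                  r"(?P<dst>[\d.]+): icmp: echo (?P<kind>request|reply)\s*$")

STAGES = ["received", "sent", "natted", "reply_received", "reply_delivered"]

def check_path(capture, client, wan_ip, target):
    """Return the stages of the ping's path that appear in the capture."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # banner, blank line or unrelated packet
        src, dst, way, kind = m["src"], m["dst"], m["dir"], m["kind"]
        if kind == "request" and dst == target:
            if way == "in" and src == client:
                seen.add("received")
            elif way == "out":
                seen.add("sent")
                if src == wan_ip:  # source rewritten to the WAN address
                    seen.add("natted")
        elif kind == "reply" and src == target:
            if way == "in" and dst == wan_ip:
                seen.add("reply_received")
            elif way == "out" and dst == client:
                seen.add("reply_delivered")
    return seen

def first_missing(seen):
    """Name the first stage that is absent, or None if the path is complete."""
    return next((s for s in STAGES if s not in seen), None)

# Constructed samples using the addresses and ports from the thread.
HEALTHY = """\
2024-05-01 10:00:00.100000 port1 in 10.100.73.201 -> 8.8.8.8: icmp: echo request
2024-05-01 10:00:00.100100 port3 out 192.168.0.65 -> 8.8.8.8: icmp: echo request
2024-05-01 10:00:00.120000 port3 in 8.8.8.8 -> 192.168.0.65: icmp: echo reply
2024-05-01 10:00:00.120100 port1 out 8.8.8.8 -> 10.100.73.201: icmp: echo reply
"""
NOT_FORWARDED = HEALTHY.splitlines()[0]
NO_NAT = ("2024-05-01 10:00:00.100000 port1 in 10.100.73.201 -> 8.8.8.8: icmp: echo request\n"
          "2024-05-01 10:00:00.100100 port3 out 10.100.73.201 -> 8.8.8.8: icmp: echo request\n")

if __name__ == "__main__":
    for name, cap in [("healthy", HEALTHY), ("not forwarded", NOT_FORWARDED), ("no NAT", NO_NAT)]:
        print(name, "->", first_missing(check_path(cap, "10.100.73.201", "192.168.0.65", "8.8.8.8")))
```

The first missing stage says where to look next: a request that is received but never sent points at the firewall itself, while a request that is sent and NATed with no reply points upstream.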
Thanks for this. 'get system status' gives me license as Invalid. Did some research, noticed some persons stating a prompt is received on first GUI login, to select 'evaluation or full license'. Didn't get this prompt, even after factory resetting.
Also tried following the steps to activate via CLI as listed in the FortiOS admin guide; however, it throws a command parse error. Did notice 'exec vm-license-options' isn't listed as a command.
exec vm-license-options account-id myforti@email.com
exec vm-license-options account-password xxxxxxx
Think I figured it out. There are two different images, 'FortiGate-VM' and 'FortiOS-VM'.
Thanks for pointing me in the right direction with the licensing check.